0

I'm attempting to create a Lotus Notes mail extractor, using the Java API, but I haven't found any way to decrypt mail files. I'm creating a session using a super-admin user's credentials, and retrieved (encrypted) files show encrypted even when the account used is that of the sender of the mail.

Now, I am told by a potential client which requires this feature that he can provide the private keys (not sure yet by which means, if a string or modifying the .ID files (?).

So my question is, what are my options for what I'm trying to accomplish? I would most strongly prefer to use the Java API, though I know there's an impersonation method in C, but which required the user's ID file or credentials.

And if it can't be automated, is there some sort of server certificate that would enable me to extract decrypted mail?

Thanks in advance!

Endo
  • 363
  • 1
  • 6
  • 20

1 Answers1

0

The (private) keys that you need to decrypt encrypted mail documents are stored in the ID-files. You can open an ID-file only by using the correct password. Only then it is possible to impersonate someone in Notes. There is no such thing as a global key or a server certificate that can be used to open any document.

When A sends an encrypted mail to B, the mail is encrypted using B's public key. The resulting document can only be decrypted using B's private key. That also means that not even A can read that mail!

Notes sure is safe! :-)

D.Bugger
  • 2,300
  • 15
  • 19
  • So I would need to have usernames and passwords for all users, and a method to impersonate using a correct ID file supplied? This doesn't sound viable at all; is there no other other way? – Endo Nov 07 '12 at 17:44
  • AFAIK there is no other way: you need ALL the ID-files and their passwords, one for each encrypted mail database. – D.Bugger Nov 08 '12 at 00:15